Commits
-------
022a9a7 [Security] Make saving target_path extendible
Discussion
----------
[Security] Make saving target_path extendible
The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios:
a) The response type of the request is not HTML (think JSON, XML ..)
b) The URI matches a route that does not listen to HTTP GET
I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs.
In my simplified scenario, I would be using:
```
protected function setTargetPath(Request $request)
{
if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
return;
}
$request->getSession()->set('_security.target_path', $request->getUri());
}
```
@Seldaek, @schmittjoh, @lsmith77, thoughts?
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 02:37:02 -0700
Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :)
---------------------------------------------------------------------------
by helmer at 2011/09/21 03:38:57 -0700
[Cookbook](b22c5e666e) entry done. Perhaps though I rushed ahead ..
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 03:52:01 -0700
Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
Commits
-------
95dc7e1 Fixed fourth argument of Filesystem->mirror()
Discussion
----------
Fixed fourth argument of Filesystem->mirror()
See #2027 and #2033 for discussion.
@fabpot said that we don't want to use symlink at all on Windows so if this is confirmed, we should also change ``Filesystem->symlink()`` implementation.
---------------------------------------------------------------------------
by alexandresalome at 2011/09/16 08:29:40 -0700
Tested on Windows, OK for me
* EvanK-patch-1:
Per the [documentation][1], the `NotBlank` constraint should be using the `empty` language construct, otherwise it will not trigger on, for example, a boolean false from an unchecked checkbox field.
Doctrine caches annotations. For methods, it uses PHP reflection and the getDeclaringClass() to create
a unique cache key. Unfortunately, if you have 2 classes that extend another one, the cache will be shared.
It's not a problem except that before this patch, the default route name was also cached (as the cache is serialized
after we changed the object). So, all other classes inherited this default route name. The fix is quite easy:
just don't change the read annotation object.
Commits
-------
020fa51 [RedirectResponse] Added missing `doctype` and `title` tag
Discussion
----------
[RedirectResponse] Added missing `doctype` and `title` tag
* domcrawler-disabled-fields:
[DomCrawler] fixed disabled fields in forms (they are available in the DOM, but their values are not submitted -- whereas before, they were simply removed from the DOM)
$node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too. https://github.com/Behat/Mink/pull/58#issuecomment-1712459
Commits
-------
8a980bd $node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too. https://github.com/Behat/Mink/pull/58#issuecomment-1712459
Discussion
----------
$node->hasAttribute('disabled') sf2 should not create disagreement betwee
$node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too.
https://github.com/Behat/Mink/pull/58#issuecomment-1712459
---------------------------------------------------------------------------
by cordoval at 2011/08/09 20:34:56 -0700
@fabpot please let me know if this is going to be in sometime soon or not, just wondering why it is deviating ...
---------------------------------------------------------------------------
by fabpot at 2011/08/23 01:11:42 -0700
I have just checked in a browser and the Symfony2 implementation is actually the right one.
Try this in a browser:
<form action='#' method="post">
<input name="foo" disabled="disabled" value="foo" />
<input name="bar" value="bar" />
<input type="submit" />
</form>
<?php
print_r($_POST);
// output: Array ( [bar] => bar ) when the form is submitted
And here is the discussion about it in the HTML4 spec: http://www.w3.org/TR/html4/interact/forms.html#h-17.12:
"In this example, the INPUT element is disabled. Therefore, it cannot receive user input nor will its value be submitted with the form."
And the same is tru for HTML5: http://www.w3.org/TR/html5/association-of-controls-and-forms.html#constructing-form-data-set
---------------------------------------------------------------------------
by cordoval at 2011/08/23 01:29:53 -0700
@fabpot I guess you got my scenario wrong. I am not trying to submit any form. I am just happen to have a disabled box that is checked and I want to read with the DOM Crawler that is checked. Not to submit or anything but for the purposes of testing.
Please consider also that this request comes from asserting values using behat mink, mink is fully dependent on sf2 driver for when it is used except it is told to use a different driver like a real browser like sahi. When testing in chrome and firefox, the verification with the DOM is made that the disabled box is checked properly. Symfony2 DOM Crawler however misses that spot for that use.
Even in the case where Symfony2 DOM Crawler component would have been thought not for this purpose of testing, or further for this particular scenario it would be good to make it more reusable for this kind of scenario.
Just saying....
---------------------------------------------------------------------------
by fabpot at 2011/08/23 02:00:34 -0700
Indeed, I didn't get your issue right. So, basically, all fields should be in the form, but the disabled field values should not be submitted (that makes sense).
I've prepared a fix in this patch: e8852586073bc23d4a41f4cd9cbe0d17a2f0c76d which is in the symfony/domcrawler-disabled-fields branch for now as I don't know if we can make this change in 2.0 or if we need to put it in 2.1.
---------------------------------------------------------------------------
by cordoval at 2011/08/23 02:15:01 -0700
oh no I was hoping to enter the authors, you already did the fix :'(
Commits
-------
e9d2a67 CS
3a64b08 Search in others user providers when a user is not found in the first user provider and throws the right exception.
Discussion
----------
Chain user provider doesn't search in all user providers
I commit these changes because Chain user provider doesn't search in all user providers.
Example with the Acme/DemoBundle:
// security.yml
...
providers:
chain_provider:
providers: [in_memory, in_memory_extend]
in_memory_extend:
users:
admin2: { password: adminpass2, roles: [ 'ROLE_ADMIN' ] }
in_memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
...
firewalls:
...
secured_area:
pattern: ^/demo/secured/
provider: chain_provider OR in_memory_extend
...
We can see these logs :
security.INFO: User "admin2" has been authenticated successfully [] []
security.DEBUG: Write SecurityContext in the session [] []
security.DEBUG: Read SecurityContext from the session [] []
security.DEBUG: Reloading user from user provider. [] []
security.WARNING: Username "admin2" could not be found. [] []
The new code search in others user providers when a user is not found in the first user provider and throws the right exception.
---------------------------------------------------------------------------
by lsmith77 at 2011/08/14 12:20:04 -0700
I wonder if it should be a provider option to continue on a failed user lookup. I can see cases where you really dont want to iterate over all providers and others where you do.
---------------------------------------------------------------------------
by Abhoryo at 2011/08/14 17:27:16 -0700
If someone need a provider like you describe, he can create one.
Here we talk about a chain user provider.
Doc : [using-multiple-user-providers](http://symfony.com/doc/current/book/security.html#using-multiple-user-providers)
We can read in the doc: "The chain_provider will, in turn, try to load the user from both the in_memory and user_db providers."
But its not the case right now.
Commits
-------
c29fa9d [Form] Fix for treatment zero as empty data. Closes#1986
Discussion
----------
[Form] Fix for treatment zero as empty data. Closes#1986
For more info please read #1986.
Commits
-------
8d48cea [EventDispatcher] Change the license of EventDispatcher from LGPL to MIT
Discussion
----------
[EventDispatcher] Change the license of EventDispatcher from LGPL to MIT
It was previously agreed to re-license the Doctrine2 based
EventDispatcher refactoring to use the MIT license. However, the files
still retain the LGPL license notice.
This commit changes the license to MIT.
---------------------------------------------------------------------------
by fabpot at 2011/08/21 05:55:00 -0700
That's right but I would prefer that the PR comes from someone of the Doctrine core team like @beberlei or @jwage.
---------------------------------------------------------------------------
by fabpot at 2011/08/21 05:55:28 -0700
or at least, they can perhaps acknowledge this PR.
---------------------------------------------------------------------------
by beberlei at 2011/08/22 00:11:20 -0700
Acknowledged
It was previously agreed to re-license the Doctrine2 based
EventDispatcher refactoring to use the MIT license. However, the files
still retain the LGPL license notice.
This commit changes the license to MIT.
Commits
-------
d880db2 [Form] Test covered fix for invalid date (13 month/31.02.2011 etc.) send to transformer. Closes#1755df74f49 Patched src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToArrayTransformer.php to throw an exception when an invalid date is passed for transformation (e.g. 31st February)
Discussion
----------
[Form] Fix for "DateTimeToArrayTransformer" with invalid dates
Hey,
this is test covered fix from @mdavis1982 (closes#1755)
---------------------------------------------------------------------------
by stloyd at 2011/08/16 01:31:32 -0700
@fabpot Can we have this fix merged ?
Commits
-------
34a1b53 [HttpFoundation] Do not save session in Session::__destroy() when saved already
Discussion
----------
[HttpFoundation] Saving session data in __destroy() has a side effect on functional tests
Having functional test with several non-insulated requests, TestSessionListener invokes session saving at the end of every request. But instance of Session remains in memory until it's collected by garbage collector which saves the same data again in __destroy() method. The problem is that session object can get collected after other requests changed session data (e. g. user logged in) resulting in former data overwriting the latter.
Commits
-------
275da0d [Validator] changed 'self' to 'static' for child class to override pattern constant
Discussion
----------
[Validator] change 'self::' to 'static::' for PATTERN constant overridable in child classes
In TimeValidator and UrlValidator, PATTERN constant is not used with late static bind(static::) while DateValidator supports it.
Commits
-------
80d1718 [Fix] Email() constraints now guess as 'email' field type
Discussion
----------
[Fix] Email() constraints now guess as 'email' field type
I don't know what this was set to "text"
Commits
-------
e88ecbb [Form] Fixed a typo in AbstractType phpdoc
Discussion
----------
[Form] Fixed a typo in AbstractType phpdoc
This PR is a new version of PR #1862.
Original comment :
Hi,
Nothing really awesome, but I fixed a typo in some phpdoc of the AbstractType class.
Commits
-------
09c41d3 [Security] Fixed incorrect merge of two modifications (53f5c23c and 85199677) to AclVoter
Discussion
----------
[Security] Fixed incorrect merge of two modifications to AclVoter
It seems two modifications to `AclVoter` (53f5c23c and 85199677) have been merged incorrectly, leading to a method call on an object that is known to be `null` and a fatal error when running the tests
Commits
-------
4f9d229 The trace argument value could be string ("*DEEP NESTED ARRAY*")
6e7439e expanded namespaces within phpdoc (special for PhpStorm)
f0a6ee5 merge from master
8519967 Calling supportsClass from vote to find out if we can vote
Discussion
----------
The trace argument of an exception can be string (*DEEP NESTED ARRAY*) but with an array type specified
It leads to the exception of a foreach loop:
Invalid argument supplied for foreach() /.../vendor/symfony/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php:103
Commits
-------
ae55a98 Added $format in serialize() method, to keep consistence and give a hint to the normalizer.
Discussion
----------
Added $format in serialize() method, to keep consistence and give a hint
Added $format in serialize() method, to keep consistence and give a hint to the normalizer.
---------------------------------------------------------------------------
by Seldaek at 2011/08/12 02:06:19 -0700
👍
Commits
-------
81fb8e1 [DomCrawler] fix finding charset in addContent
Discussion
----------
[DomCrawler] fix finding charset in addContent
According to http://www.ietf.org/rfc/rfc2045.txt content type can include other field after charset. So they should be cut.
Commits
-------
c0571fc [ClassLoader] Improve exception messages of the debug class loader
Discussion
----------
[ClassLoader] Improve exception messages of the debug class loader
---------------------------------------------------------------------------
by Seldaek at 2011/07/31 14:01:40 -0700
Ok, I updated this to just clarify the message, because when I got the issue after some serious copy-paste coding, I thought it was quite confusing - it seems to imply you mistyped the class name when using the class, and therefore it was not found, while the typo is in the class's file itself.
Commits
-------
5219f81 Using the $status parameter instead of fixed value when creating a RedirectResponse.
Discussion
----------
Using the $status parameter instead of fixed value
I checked the usages and the optional `$status` parameter is never used, so maybe another option would be to remove the parameter completely...
---------------------------------------------------------------------------
by jaugustin at 2011/07/25 03:11:00 -0700
maybe you could test that $status is a valid redirect code
---------------------------------------------------------------------------
by stloyd at 2011/07/25 04:40:21 -0700
@jaugustin This check is already included in `RedirectResponse` class.
Commits
-------
266e60e Don't tell a lie to every WebServers
Discussion
----------
Please don't tell a lie to every WebServers
Fake Useragent name should be only in test case .
Commits
-------
03c7cfe UrlGenerator no longer appends '?' if query string is empty
Discussion
----------
UrlGenerator no longer appends '?' if query string is empty
If you generate a URL using null parameters (`array('foo' => null, 'bar' => null')`), `http_build_query` returns an empty string, resulting in a trailing `?` at the end of the generated URL.
This fixes that so that, if there are `$extra` params & `http_build_query` is empty, the URL is no longer appended.
---------------------------------------------------------------------------
by fabpot at 2011/07/22 10:15:26 -0700
Can you add unit tests?
---------------------------------------------------------------------------
by ericclemmons at 2011/07/22 10:52:21 -0700
Yes sir, will do.
-Eric Clemmons
Sent from my iPad Nano
On Jul 22, 2011, at 12:15 PM, fabpot<reply@reply.github.com> wrote:
> Can you add unit tests?
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/1773#issuecomment-1633515
---------------------------------------------------------------------------
by ericclemmons at 2011/07/22 11:55:30 -0700
**Added passing test.**
Currently `master` fails test:
```
1) Symfony\Tests\Component\Routing\Generator\UrlGeneratorTest::testUrlWithNullExtraParameters
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/app.php/testing
+http://localhost/app.php/testing?
//tests/Symfony/Tests/Component/Routing/Generator/UrlGeneratorTest.php:114
```
If not, as classes can be loaded during the boot, there is no way to be sure that
a class will not be already loaded by a third party bundle.
If the Kernel is already booted, we don't included the compiled classes.
Revert "[Form] CollectionType now checks for data_class parameter instead of only class."
This reverts commit 2e024f87a3.
Conflicts:
tests/Symfony/Tests/Component/Form/Extension/Core/Type/CollectionTypeTest.php
Revert "[Form] Added ObjectFactoryListener. Fixes #1746."
This reverts commit 0327beb0b9.
Conflicts:
tests/Symfony/Tests/Component/Form/Extension/Core/Type/CollectionTypeTest.php
Commits
-------
eae6a77 fixed wrong case
d0a175bfixes#1659f300ede fixes several bugs
a4f05ac added some tests
Discussion
----------
Http util fixes
Fixes several bugs in the http utils.
Please don't add anymore features without sufficient tests. Especially for the Security\Http namespace, regressions are very likely otherwise.
---------------------------------------------------------------------------
by fabpot at 2011/07/19 22:37:26 -0700
Tests do not pass for me:
There were 2 errors:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #0 ('en')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #1 ('de')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
--
There were 4 failures:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #0 ('en')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/en/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #1 ('de')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/de/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
3) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #0 ('en')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:27 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=11c9c6a7e7620e13bddef223a5ba46d9; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
4) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #1 ('de')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:28 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=2bbe63786a088471ade3717917f4ba4f; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
---------------------------------------------------------------------------
by schmittjoh at 2011/07/19 23:47:29 -0700
I fixed a wrong case, but I couldn't reproduce the other errors (tested on Ubuntu).
My guess is that the temporary directory on your machine couldn't be deleted for some reason, and the test runs with the configuration of some of the previous tests.
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:28:41 -0700
That does not make any difference for me. For instance, in `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request to `'/'.$locale.'/login'` returns the following Response:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:31:34 -0700
That's weird, did you make sure that the temporary directory does not exist?
``rm -Rf /tmp/StandardFormLogin/``
On Wed, Jul 20, 2011 at 9:28 AM, fabpot <
reply@reply.github.com>wrote:
> That does not make any difference for me. For instance, in
> `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request
> to `'/'.$locale.'/login'` returns the following Response:
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;
> charset=utf-8" />
> <meta http-equiv="refresh" content="1;url=
> http://localhost/login" />
> </head>
> <body>
> Redirecting to <a href="http://localhost/login">
> http://localhost/login</a>.
> </body>
> </html>
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/1739#issuecomment-1613504
>
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:33:40 -0700
Yes, I've just checked and the directory does not exist.
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:39:55 -0700
Sorry, I can't reproduce it on Ubuntu and unless someone wants to sponsor me a Mac, there is not much I can do.
Commits
-------
2e024f8 [Form] CollectionType now checks for data_class parameter instead of only class.
0327beb [Form] Added ObjectFactoryListener. Fixes#1746.
Discussion
----------
[Form] Added ObjectFactoryListener. Fixes#1746.
---------------------------------------------------------------------------
by marcw at 2011/07/21 09:32:17 -0700
This patch also fixes a validation issue because it was impossible for the validator to validate an array.
---------------------------------------------------------------------------
by stof at 2011/07/21 09:47:46 -0700
yeah, using the data_class of the prototype would be great